GhostCommit Attack Hides Prompt Injection Inside Images
University of Missouri, Kansas City researchers disclosed GhostCommit on July 10, 2026, a proof-of-concept attack that hides a secret stealing instruction inside a pull request’s image file. AI code…
Read the full articleYou might also wanna read
'Ghostcommit' hides prompt injection in images to fool AI agents, steal secrets
The 'Ghostcommit' technique hides malicious prompt injection instructions inside PNG images within a code repository. These images are ignor
Ghostcommit attack hides malicious AI instructions in images
A proof-of-concept attack hides prompt injection in a PNG file, turning routine code reviews into a path for secret theft.
'Ghostcommit' hides prompt injection in images to fool AI agents, steal secrets
A PNG hiding a prompt injection could steal your repo's secrets, researchers demonstrate. The technique, dubbed 'Ghostcommit,' slipped past
'Ghostcommit' hides prompt injection in images to fool AI agents, steal secrets
A PNG hiding a prompt injection could steal your repo's secrets, researchers demonstrate. The technique, dubbed 'Ghostcommit,' slipped past
Ghostcommit Attack: Malicious Instructions in Images Deceive AI Agents
Researchers have introduced the Ghostcommit method, which allows embedding prompt injections into PNG images to steal secrets via AI agents.
Hackers Have a New Trick: Images That Secretly Tell AI to Steal Your Data
Cybersecurity researchers have uncovered a new supply chain attack technique called “Ghostcommit”, which hides malicious instructions inside

New Ghostcommit Attack Tricks AI Coding Agents Into Stealing Secrets
Security researchers have exposed a clever new way to weaponize AI coding assistants, and it hides in plain sight. The attack, named Ghostco

Comments
Sign in to join the conversation.
No comments yet. Be the first.